First note that concatenation is not necessary, the entire string is delimited by " "

At the very least, use the escape string functions. This does not cleanse your data, but makes it safe for database inserts. You can still get a mysql injection, but now it might actually insert. :-) Now you'll need concatenation to add the function output.

/* Rocknbill I added the backwards single quote as you said. I didn't understand why you put in the single and double quotes that you did ealier so I did the following, shoudn't this work just fine? */

Ok so no one wants to reply and why is that, is that because people here are not experienced enough, I assume that's the case? I'm new here and so it sure would be nice if someone would reply to my plea and help me using layman terms.

assuming email,name,phone,website_address are your field names and they are all strings. Every string value must start with a ' and end with a ' separated by a , . The number of values must also equal the number of fields declared.